- 08-16-2010 #1 Just Joined! (Join Date: Aug 2010, Posts: 3)
sendmail - block foreign relays
I am running CentOS Linux 5.5 and Sendmail 8.13.8. I get tons of spam email that come from seemingly valid email addresses, but are relayed by foreign servers (e.g. the relay FQDN ends with .ru) or where the Received: from is just a bunch of letters (e.g. Received: from gnniolxp ([131.165.115.3])) or where the Received: from says that the relaying server name may be forged (e.g. Received: from ushdq (nv-65-40-159-140.sta.embarqhsd.net [65.40.159.140] (may be forged))). How can I block this stuff? I already have the TLD names in my access_db - but I think that only looks at the sender's email address.
Thanks ..... John
- 08-17-2010 #2
You probably want to include a line like this:
Code:
FEATURE(relay_hosts_only)
in your sendmail m4 file and rebuild.
There are plenty of tips about this on the sendmail.org pages, try this one here.
Linux user #126863 - see http://linuxcounter.net/
- 08-17-2010 #3 Just Joined! (Join Date: Aug 2010, Posts: 3)
Thanks, Roxoff ... I have that set. But, the way I understand it, this is for spammers trying to use my server as a relay to another location. I want to stop spammers sending to my accounts. It seems that most of these jerks use relays based offshore. I want to block traffic coming from those servers/relays.
- 08-18-2010 #4
Yes, this is what relaying is.
Then you want something like a realtime black hole. Take a look at this document, see section 18.8.4.1.
Linux user #126863 - see http://linuxcounter.net/
- 08-19-2010 #5 Just Joined! (Join Date: Aug 2010, Posts: 3)
Thanks again, Roxoff. I have added rbl to my configuration - although sendmail 18.13.8 didn't have rbl.m4. I'll see if it makes a difference. But this still doesn't address the issue of rogue relay servers. While this kind of thing is way over my head, I would have thought that someone would have figured out how to block these guys.
Thanks again.
- 08-20-2010 #6
It does attempt to resolve this issue. Before accepting mail for your users, sendmail checks that the mail is not coming from a known bad IP address. This could be an open relay or a spam generating host. It will not pick up everything, but if you get spam from other places, forward it to spamcop, and the IP address of the sender will end up in the blackhole lists.
Linux user #126863 - see http://linuxcounter.net/
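Added example, not part of the thread: a Python sketch of the blackhole-list check described in post #6, applied to the two Received: headers quoted in the first post. Sendmail performs this lookup on the connecting IP at SMTP time; here the IP is read from the header instead. The zone `dnsbl.example` and the stub resolver's listing are constructed placeholders, so substitute the list you actually query.

```python
import re
import socket

# Relay IP as it appears in a Received: header, e.g. "([131.165.115.3])"
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the zone answers with a 127.x.x.x address."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:  # NXDOMAIN or lookup failure: treat as not listed
        return False
    return answer.startswith("127.")

def check_received(header, zone, resolve=socket.gethostbyname):
    """Report on the relay named in one Received: header (None if no IP)."""
    match = RECEIVED_IP.search(header)
    if match is None:
        return None
    ip = match.group(1)
    return {"ip": ip,
            "may_be_forged": "(may be forged)" in header,
            "listed": is_listed(ip, zone, resolve)}

# The two headers quoted in the first post.
SAMPLE_HEADERS = [
    "Received: from gnniolxp ([131.165.115.3])",
    "Received: from ushdq (nv-65-40-159-140.sta.embarqhsd.net "
    "[65.40.159.140] (may be forged))",
]

def stub_resolver(name):
    """Constructed stand-in for DNS: pretends one address is listed."""
    if name == "3.115.165.131.dnsbl.example":
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN (constructed)")

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(check_received(header, "dnsbl.example", stub_resolver))
```

Drop the `stub_resolver` argument to query a real list over DNS.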
